State Of Enterprise IT 2018

The evolution of IT

Security

By Pippa Thirkettle, Project Manager

It’s not an earth-shattering revelation that big companies are constantly experiencing different kinds of hacks and attacks. Security’s been a big priority for IT departments ever since IT departments came into existence, and in our hyper-connected, always-on world that’s not going to change.

Something that has changed over the past year is what the IT department is increasingly responsible for. As our main report this year explains, while enterprises are investigating a huge range of digital trends like customer personalisation and AI, it tends to be other parts of the business looking into those things. The IT department is more focused on the nuts and bolts, things like the infrastructure and compliance issues.

Security’s a big part of their remit now. In fact, it’s their biggest driver for spending.

 

This narrower remit should mean that the IT department are now better able to prevent any sort of data breach or attack.

The research shows that they are expert at identifying types of attack and who is responsible for them. Nearly nine in ten IT decision makers know exactly who was responsible for the breaches they’ve experienced over the past year.

 

But enterprises are still falling prey to attacks. Almost three quarters experienced an attack last year, most commonly malware or phishing. The IT department might be great at knowing where attacks are happening, but that doesn’t mean they’re being prevented.

We think that a big reason for this is the increasing gulf between the IT department and the rest of the business. As new x-as-a-service solutions are adopted throughout the company, it’s up to IT to figure out how to make sure those services – and the people using them – don’t leave the business open to breaches.

And unfortunately for IT, it’s the end users in particular who are falling short.

Where attacks have happened, three in ten IT respondents say that an employee’s lack of knowledge is the reason for the breach. Employees – be they uneducated or flat-out malicious – are key points of weakness in organisations’ security planning.

While our research shows that most attacks are opportunist in nature, it also suggests that it is employees who are unknowingly providing those opportunities. The most common underlying causes of attacks amongst our respondents are employees not using the internet or email safely, and using weak passwords in the first place.

All of these types of attacks can easily be avoided with a little care and education. That appears not to be happening.

This provides a big opportunity for tech marketers in security vendors.

While IT decision makers have good visibility over what’s happening, they can’t control either the services purchased without IT’s involvement or how employees and other end users interact with those services. It is crucial to explain how IT can use security products to prevent intrusions caused by systems bought elsewhere in the business.

And any tools or solutions to help limit the danger that employees pose to organisation-wide security – be that education or otherwise – will go a long way.

Any thoughts?
